diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 1ddc997c6..add6b030e 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -24,6 +24,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/legacy_or_psa.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" @@ -1108,7 +1109,7 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen ); -#if defined(MBEDTLS_SHA1_C) || ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) +#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA) /** * \brief Set the subjectKeyIdentifier extension for a CRT * Requires that mbedtls_x509write_crt_set_subject_key() has been @@ -1130,7 +1131,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ); -#endif /* MBEDTLS_SHA1_C || (MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_1)*/ +#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */ /** * \brief Set the Key Usage Extension flags diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 89150114a..da85eb076 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1426,11 +1426,11 @@ int main( int argc, char *argv[] ) if( opt.psk_opaque != 0 ) { /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); else -#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a1b29786d..3113d1bb5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2261,11 +2261,11 @@ int main( int argc, char *argv[] ) if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 ) { /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); else -#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 7ff3345b7..42d8d1122 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -297,49 +297,23 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #define MBEDTLS_SSL_SIG_ALG( hash ) #endif -#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) ) -#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA -#endif -#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) ) -#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA -#endif -#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) ) -#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA -#endif -#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) ) -#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA -#endif -#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) ) -#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA -#endif - uint16_t ssl_sig_algs_for_test[] = { -#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) #endif -#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif -#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif -#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 ) #endif -#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ -#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) /* Allow SHA-1 as we use it extensively in tests. */ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 ) #endif